Connect OAuth
Torque Connect is the v1 user consent gate for embedded wallets and third-party execute. Your app starts OAuth; the user approves scopes on a hosted screen; you exchange the authorization code for a delegated JWT and call POST /execute/**. Business API keys provision wallets and read data — they do not sign user transactions.
Prerequisites
- Business API key from developers.torque.fi (server only).
- App URL registered in portal Settings → Cash-Out Setup (callback
https://yourapp.com/torque/connect/callback). - End-user wallet provisioned via Integrator Wallets when building embedded fintech flows.
OAuth Flow
| Who | Action |
|---|---|
| Your server | POST /connect/authorize/session with redirect_uri, PKCE, and optional externalUserId |
| User | Approves scopes on hosted Connect consent screen |
| Your server | Callback at https://yourapp.com/torque/connect/callback receives ?code=… |
| Your server | POST /connect/token → delegated JWT |
| Your server | POST /execute/** with delegated JWT (never sk_live_… for user txs) |
Test before launch: portal Settings → enable test cash-out (callback https://developers.torque.fi/connect/callback).
2. Exchange Code
curl -sS -X POST "https://app.torque.fi/api/v1/connect/token" \
-H "Authorization: Bearer $TORQUE_KEY" \
-H "Content-Type: application/json" \
-d '{
"code": "<from_callback>",
"redirectUri": "https://yourapp.com/torque/connect/callback",
"codeVerifier": "<pkce_verifier>"
}' | jq '.accessToken, .expiresIn'The returned accessToken is the delegated JWT for execute routes.
3. Execute
export DELEGATED_JWT="<accessToken from /connect/token>"
curl -sS -X POST "https://app.torque.fi/api/v1/execute/transfers" \
-H "Authorization: Bearer $DELEGATED_JWT" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: $(uuidgen)" \
-d '{ ... prepared transfer body ... }'Route catalog and idempotency: Actions API, Execute Idempotency.
Integration Profiles
Torque supports multiple partner shapes. Profile B uses POST /connect/confirm → /connect/execute. Profiles C/D use the OAuth flow above. See Authentication and Actions: cash-out and execute.
SDKs: torque-connect, torque-actions, @torquefi/react TorqueConnectButton.
Questions or corrections? hello@torque.fi